CVE-2019-6120
HIGHNiceHash Miner < 2.0.3.0 - Unauthenticated Email Enumeration via Wallet Addition Rate Limit Bypass
Title source: llmDescription
An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://docs.google.com/document/d/1OubhuTRzuTMnkZ9SCFb8BtJVbTu840wDxyWu3VWHwvs/edit
Exploit, Third Party Advisory x_refsource_misc
https://cyberworldmirror.com/nicehash-vulnerability-leaked-miners-information/
Scores
CVSS v3
7.5
EPSS
0.0174
EPSS Percentile
74.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-770
Status
published
Products (1)
nicehash/miner
< 2.0.3.0
Published
Nov 06, 2019
Tracked Since
Feb 18, 2026